Cisco splats Bash bug in busy swatting season

Cisco has begun its response to the Bash “Shell Shocked” vulnerability, the 20-year-old bug that's sent the *nix world into a frenzy.

It's going to be a long slog for the Borg, but in its advisory, Cisco has so far identified 31 individual products vulnerable to Shell Shocked, compared to seven confirmed not vulnerable. Another 23 products are under investigation at this stage.

The vulnerable systems fall under the following categories: three in its network application, service and acceleration line; three in network content and security (the identity services engine, intrusion prevention systems, and its access control server); the Unified Intelligence Center management system; various switches including the Nexus line; unified computing and unified communications products; and a bunch of telepresence products.

Software updates are available for the vulnerable systems, the company says.

Cisco also says it's created a signature for its IPS and Snort products so that attempts to exploit Shell Shocked can be spotted and blocked.

The all-clear siren has been blown for Cisco's Adaptive Security Appliance; IOS; IOS-XR on ASR 9000, CRS, and XR 1200 routers; IronPort ESA/SMA; Private Internet eXchange; Sourcefire Defense Center and Sensor products; and wireless LAN controllers.

Last week was a busy week for the Borg, with security bugs also getting swatted in IOS domain naming, NAT, metadata services, SIP, DHCP and RSVP software. ®